Start of changes for service refresh 4 fix pack 5

Setting a list of enabled named groups

If the default list of enabled named groups is inadequate for your application, you can use the jdk.tls.namedGroups system property to specify an additional list of named groups.

The following list shows the named groups that are enabled by default.

Start of changes for service refresh 6 The named groups that were enabled by default in service refresh 6 and later refreshes:
// recommended
   Start of changes for service refresh 8 fix pack 30x25519 (29)End of changes for service refresh 8 fix pack 30
   secp256r1 (23)
   secp384r1 (24)
   secp521r1 (25)
   Start of changes for service refresh 8 fix pack 30x448 (30)End of changes for service refresh 8 fix pack 30
   Start of changes for service refresh 6 fix pack 35ffdhe2048 (256)End of changes for service refresh 6 fix pack 35
   Start of changes for service refresh 6 fix pack 35ffdhe3072 (257)End of changes for service refresh 6 fix pack 35
   Start of changes for service refresh 6 fix pack 35ffdhe4096 (258)End of changes for service refresh 6 fix pack 35
   Start of changes for service refresh 6 fix pack 35ffdhe6144 (259)End of changes for service refresh 6 fix pack 35
   Start of changes for service refresh 6 fix pack 35ffdhe8192 (260)End of changes for service refresh 6 fix pack 35
   Start of changes for service refresh 8 fix pack 55X25519MLKEM768 (4588)End of changes for service refresh 8 fix pack 55
Notes:
  • Start of changes for service refresh 6 fix pack 35Support for ffdhe3072, ffdhe4096, ffdhe6144, and ffdhe8192 requires the IBMJCEPlus or the IBMJCEPlusFIPS providers.End of changes for service refresh 6 fix pack 35
  • Start of changes for service refresh 8 fix pack 30Support for x25519 and x448 requires the IBMJCEPlus provider.End of changes for service refresh 8 fix pack 30
  • Start of changes for service refresh 8 fix pack 55Support for X25519MLKEM768 requires the IBMJCEPlus provider.End of changes for service refresh 8 fix pack 55
End of changes for service refresh 6
The named groups that were enabled by default before service refresh 6:
// recommended
   secp256r1 (23)
   secp384r1 (24)
   secp521r1 (25)

   // NIST curves
   sect283k1 (9)
   sect283r1 (10)
   sect409k1 (11)
   sect409r1 (12)
   sect571k1 (13)
   sect571r1 (14)

   // Non-FIPS curves
   secp256k1 (22)
Additional named groups can be specified by setting the jdk.tls.namedGroups system property. For example:
jdk.tls.namedGroups="secp521r1,secp256r1Start of changes for service refresh 6 fix pack 35,ffdhe2048End of changes for service refresh 6 fix pack 35"
The values for named groups must be separated with a comma. If the system property is not defined or the value is empty, the default named groups and preferences are used.
End of changes for service refresh 4 fix pack 5